Forum Topic

Unified PFSense Users

  • @polka
    you can buy this:

    - HP thin client T610 (it only has 1 Gigabit Ethernet port, but a VLAN-capable switch can easily fix that)
    - TP-Link SG105e

    Is the above setup still good for a home network with URL filtering, access control, bandwidth control, IPS/IDS? Thank you.

    -- edited by Cuida on Nov 25 2019, 11:10 AM
  • ^
    Yep, it's still a capable machine; that thing can route a 1 Gbit connection without breaking a sweat.

    IPS/IDS is also good. The good thing about this hardware is that it supports up to 16 GB of RAM, so just slap more RAM into it, but it's a bit too much for the CPU, so it can only route around 300 Mbit of traffic with Suricata enabled.

    URL filtering is hopeless nowadays due to how SSL websites work now. You can't really blame pfSense here; no firewall out there can handle this, not unless you want to break the internet that badly. Take note: if you force MITM on the traffic, Google services will not work, it will always complain about security certificates, and if you use the latest Google Chrome as well, MITM is no longer viable, as by default Chrome now ignores self-signed certificates.

    Access control and bandwidth control are probably the basic things that pfSense can do, so yeah, sure.
  • For a setup where pfSense runs in a VM:
    Is it possible for the host PC to have only one LAN card, with pfSense in the VM acting as the gateway?

    For a diskless server with only one LAN port, is that possible? What would the settings be, sirs?

    thanks
  • ^Possible, just get a TP-Link SG105e or any switch that supports 802.1Q VLANs.

    After that you can just set up your pfSense with 1 network card (both physically and in the virtualization settings). Just make sure that you set the network card setting on the VM to allow promiscuous mode.
  • @polka
    thanks for the info, sir...
  • Post deleted #12286298
  • Looking to build my own pfsense box.

    Anyone have a good budget build that can handle over a gigabit connection, about 1.4 Gbit?
  • ^The main computer components should be easy to get: an 1151 motherboard with a G4400 should be more than enough (it can do NAT at around 3 Gbit just fine). For RAM, 4-8 GB; ask yourself if you want to run more services on it (e.g. Suricata, pfBlocker).

    Now for the hardcore part, the NIC: since you're aiming for 1.4 Gbit, you have no choice but to go SFP+ or a 10GigE card. As we always say, go with an Intel-branded NIC; you can get these cards on eBay for around 100-150 USD, and a dual-port X540-T2 should be more than enough.

    Total damage: around 25k (including case and a reputable branded 80+ PSU).
  • Hi,

    Are the sellers of the J1900 on Lazada/Shopee legit? They're all from overseas.
    What CPU/RAM quantity would you recommend if the goal is to load-balance a total of 50-70 Mbps across multi-ISP links?

    thanks!
  • I need help.

    I have a Huawei 5G (model H112-370). I need to put pfSense in the DMZ so I can enable RDP (although not safe, but the server is just where I dump files for remote access). The Huawei does detect pfSense, but when I remote in (using No-IP; by the way, No-IP is enabled in pfSense) the server can no longer be contacted.

    I had the same setup before, but I changed ISP.
  • ^Don't bother; AFAIK (feel free to correct me) all wireless connections here in the Philippines are under CGNAT, so setting up a DMZ doesn't make sense.

    If you want to remote into your system as if you were doing a port forward, use ZeroTier. pfSense also has an "unofficial" ZeroTier package, still not recommended to install, but you can install it on your computer. What ZeroTier does is just UDP hole punching, so in this way each computer has a direct connection to the other despite being under a NAT.
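    The CGNAT point above can be checked from the addresses you can read at each hop. The following is an added example, not pfSense or ZeroTier code and not from any poster in this thread: it classifies the address pfSense shows on its WAN port, counts the NAT layers between pfSense and the internet from that address, the modem's own WAN address (if its status page shows one) and the address an outside service sees (what a No-IP client would register), and says whether an inbound DMZ/port forward can work at all. The addresses in the demo are constructed documentation and shared-space addresses, not real subscriber ones.

```python
"""Classify the address on the pfSense WAN port and count the NAT layers
between pfSense and the internet, to see whether an inbound DMZ/port forward
can work at all or whether carrier-grade NAT (CGNAT) is in the path.

Added example, not pfSense or ZeroTier code. The addresses in the demo below
are constructed documentation/shared-space addresses, not real subscriber ones.
"""
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space used by carriers
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def classify(addr: str) -> str:
    """Return 'cgnat', 'private', 'other' or 'public' for an IPv4 address seen on a WAN port."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"  # another NAT device (e.g. the modem) sits in front
    if any(ip in net for net in NON_ROUTABLE):
        return "other"    # loopback, link-local, multicast, reserved
    return "public"


def nat_verdict(chain, observed):
    """chain: WAN-side addresses read on each device from pfSense outward
    (pfSense WAN first, then the modem's own WAN address if its status page shows one).
    observed: the address an outside service sees for you, e.g. what a dynamic-DNS
    client such as No-IP registers."""
    kinds = [classify(a) for a in chain]
    seen = ipaddress.ip_address(observed)
    # every hop whose address differs from the one the internet sees has a NAT beyond it
    layers = sum(1 for a in chain if ipaddress.ip_address(a) != seen)
    if "cgnat" in kinds:
        verdict = "cgnat"
        advice = ("A carrier NAT you do not control is in the path, so a DMZ or port forward "
                  "cannot reach you. Use an outbound tunnel (VPN with port forwarding, ZeroTier) "
                  "or a static/public IP from the ISP.")
    elif ipaddress.ip_address(chain[-1]) == seen:
        verdict = "direct" if layers == 0 else "double-nat"
        advice = ("pfSense holds the public address; port forwards on pfSense can work."
                  if layers == 0 else
                  "Forward the port on the upstream device (modem DMZ) and again on pfSense.")
    elif kinds[-1] == "private":
        verdict = "unknown"
        advice = ("The outermost hop you can see is still private; read the modem's own WAN "
                  "address from its status page and add it to the chain.")
    else:
        verdict = "unknown"
        advice = ("The outermost address is public but is not what the internet sees; "
                  "check the upstream device.")
    return {"kinds": kinds, "nat_layers": layers, "verdict": verdict, "advice": advice}


if __name__ == "__main__":
    # Constructed demo: pfSense behind a 5G modem whose own WAN address is in 100.64.0.0/10
    demo = nat_verdict(["192.168.8.100", "100.72.5.9"], observed="203.0.113.77")
    print(demo["verdict"], demo["nat_layers"], demo["kinds"])
    print(demo["advice"])
```

    The verdict "cgnat" is the case in the thread: the pfSense DMZ setting cannot help because the outermost NAT belongs to the carrier, which is why an outbound tunnel such as ZeroTier is the workable route.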
  • ^
    CGNAT is the right term I was looking for; that's my problem... Anyway, it looks like the ISPs don't want to be outsmarted these days.
  • Sirs, can pfSense handle a mini PC with these specs? Thanks
    - PROCESSOR: Intel Celeron 1037U Dual Core 1.8 GHz Processor
    - M.BOARD: Intel NM70 QT-Q100 Industrial Mini Board
    - FRONT PANEL: 1x Power Switch Button / 1x HDD LED / 4x USB 2.0 / 1x Microphone Port / 1x Serial Port
    - BACK PANEL: 1x DC Input / 1x HDMI Port / 1x VGA Port / 2x Gigabit LAN Port / 1x Speaker Port
    - 4GB DDR3 Laptop Memory
    - 32GB mSATA
  • @badburns

    That's still fine; compared to the J1900, that 1037U Celeron is faster in single-core and dual-core performance, not bad either. It should be able to handle gigabit NAT, so it can cope even if your internet speed is 1 Gbps.
  • @polka

    Thank you for the info, sir.
  • Post deleted #12347577
  • Guys, is it OK to turn a Dell OptiPlex SFF into a pfSense box? Has anyone here tried it?
  • ^
    I don't see any reason for it to not work, TBH.
  • ^ If it's for heavy torrenting, what would you recommend, sir, for about 10-20k peers connected: i3, i5 or i7?
  • ^ You don't need to worry too much about the CPU, unless you plan to run an IDS/IPS on it or want to run a VPN client/server on it.

    Since you're torrenting with 10-20k peers (I'm assuming total connected peers), your only worry is the state table. You will see this counter go up if you're torrenting really hard. By default, with 2 GB of RAM it should be more than enough even with torrenting, but if you still see the state table consuming half of your state table size with 2 GB of RAM, then you can raise it to 4 GB; that capacity should be more than enough to cater to all those peers without hiccups on your router, whereas a consumer router will definitely have trouble coping with this kind of scenario.
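    The state table counter described above can be broken down per LAN host, which shows whether the torrent box is the one filling it. The following is an added example, not pfSense code and not from any poster here: a parser for the `pfctl -ss` state listing that counts states per internal address and compares the total against the table limit (pfSense shows the current and maximum values as "State table size" on the dashboard). SAMPLE_STATES is constructed to mirror the pfctl layout with invented interfaces, addresses and ports, and the limit of 10 in the demo is a toy value.

```python
"""Break the pfSense state table down per LAN host from `pfctl -ss` output, so
you can see which machine (e.g. the torrent box) is filling it and how close
the total is to the table limit.

Added example, not pfSense code. SAMPLE_STATES is constructed to mirror the
`pfctl -ss` layout; the interfaces, addresses and ports are invented, and the
limit used in the demo is a toy value (pfSense shows the real current/maximum
as "State table size" on the dashboard).
"""
import re
from collections import Counter

# iface proto src [(pre-NAT src)] -> dst [(pre-NAT dst)]   STATE:STATE
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)(?:\s+\((?P<src_nat>\S+)\))?\s+"
    r"(?P<dir>->|<-)\s+"
    r"(?P<dst>\S+)(?:\s+\((?P<dst_nat>\S+)\))?\s+"
    r"(?P<state>\S+)\s*$"
)

# Constructed sample: six states for the torrent box 192.168.1.10, two for
# 192.168.1.20 (one of them LAN-side without NAT), one inbound port forward
# to 192.168.1.30, and one line that is not a state at all.
SAMPLE_STATES = [
    "em1 tcp 203.0.113.77:54321 (192.168.1.10:50000) -> 198.51.100.7:6881       ESTABLISHED:ESTABLISHED",
    "em1 tcp 203.0.113.77:54322 (192.168.1.10:50001) -> 198.51.100.8:51413      ESTABLISHED:ESTABLISHED",
    "em1 udp 203.0.113.77:6881 (192.168.1.10:6881) -> 198.51.100.9:6881       MULTIPLE:MULTIPLE",
    "em1 udp 203.0.113.77:6881 (192.168.1.10:6881) -> 198.51.100.10:6881      MULTIPLE:MULTIPLE",
    "em1 tcp 203.0.113.77:54330 (192.168.1.10:50009) -> 198.51.100.11:6881      FIN_WAIT_2:FIN_WAIT_2",
    "em1 tcp 203.0.113.77:54331 (192.168.1.10:50010) -> 198.51.100.12:6881      SYN_SENT:CLOSED",
    "em1 tcp 203.0.113.77:60001 (192.168.1.20:44101) -> 198.51.100.50:443       ESTABLISHED:ESTABLISHED",
    "em0 tcp 192.168.1.20:44102 -> 192.168.1.1:443       ESTABLISHED:ESTABLISHED",
    "em1 tcp 192.168.1.30:3389 (203.0.113.77:3389) <- 198.51.100.200:44000      ESTABLISHED:ESTABLISHED",
    "not a state line",
]


def host_of(endpoint: str) -> str:
    """Strip the :port suffix from an IPv4 endpoint such as 192.168.1.10:50000
    (IPv4 only; pfctl prints IPv6 endpoints differently and is not handled here)."""
    return endpoint.rsplit(":", 1)[0]


def parse_state(line: str):
    """Return a dict for one pfctl -ss line, or None for anything else."""
    m = STATE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    # Outbound (->): with NAT the LAN address is the one in parentheses after the
    # source, otherwise the source itself. Inbound port forward (<-): the first
    # field is already the translated LAN destination.
    lan = (d["src_nat"] or d["src"]) if d["dir"] == "->" else d["src"]
    return {
        "iface": d["iface"],
        "proto": d["proto"],
        "lan_host": host_of(lan),
        "remote_host": host_of(d["dst"]),
        "state": d["state"],
    }


def states_per_host(lines) -> Counter:
    """Number of states attributed to each LAN host."""
    counts = Counter()
    for line in lines:
        s = parse_state(line)
        if s:
            counts[s["lan_host"]] += 1
    return counts


def state_table_report(lines, max_states: int) -> dict:
    """Total states, fraction of the limit in use, and the busiest LAN host.
    'warn' follows the rule of thumb in the thread: act once half the table is used."""
    counts = states_per_host(lines)
    used = sum(counts.values())
    top_host, top_count = counts.most_common(1)[0] if counts else (None, 0)
    return {
        "used": used,
        "max_states": max_states,
        "ratio": used / max_states,
        "top_host": top_host,
        "top_count": top_count,
        "warn": used * 2 >= max_states,
    }


if __name__ == "__main__":
    for host, n in states_per_host(SAMPLE_STATES).most_common():
        print(f"{host:16} {n} states")
    print(state_table_report(SAMPLE_STATES, max_states=10))
```

    On a real box you would feed it the output of `pfctl -ss` and the maximum from the dashboard; a single host owning most of the states while the ratio climbs past half is the signal to raise RAM (and with it the state limit) or to cap that host's connections.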
  • ^ That's exactly what I was waiting for, sir polka's insights; I've been asking sir for guidance since the Tomato days. Sir, I posted on my torrent client's Reddit and on the pfSense Reddit. How true is it that the bottleneck is on the ISP side, that the ISP's hardware supposedly doesn't allow that many connections, so even if I build an i9 rig it would supposedly be useless? This is where I'm confused; I hope you can answer this, sir Polka :)

    TLDR

    So in short, sir, even just a dual core is fine as long as it has 8 GB+ of RAM? I just scored an i5 4th gen for 4,500, so I grabbed it.

    For reference, my Tomato router drowned in connections back then; even a simple Google search took 1 min to load, even when the torrent client wasn't consuming any traffic anymore and was just connected to peers.

    -- edited by adamgwap5 on Dec 07 2020, 06:30 PM
  • > How true is it that the bottleneck is on the ISP side, that the ISP's hardware supposedly doesn't allow that many connections, so even if I build an i9 rig it would supposedly be useless?

    Very possible if you're under CGNAT; the ISP's NAT equipment chokes when you do that, lol. Otherwise, if you're able to get a public IP or avail of a static IP, this should not be an issue, since on the ISP side all they do is forward and route the packets. If they do some sort of deep packet inspection, then it's their problem how not to cause a bottleneck on their network if they do that.

    > So in short, sir, even just a dual core is fine as long as it has 8 GB+ of RAM? I just scored an i5 4th gen for 4,500, so I grabbed it.

    Yep, more than enough.
  • > > How true is it that the bottleneck is on the ISP side, that the ISP's hardware supposedly doesn't allow that many connections, so even if I build an i9 rig it would supposedly be useless?
    >
    > Very possible if you're under CGNAT; the ISP's NAT equipment chokes when you do that, lol. Otherwise, if you're able to get a public IP or avail of a static IP, this should not be an issue, since on the ISP side all they do is forward and route the packets. If they do some sort of deep packet inspection, then it's their problem how not to cause a bottleneck on their network if they do that.
    >
    > > So in short, sir, even just a dual core is fine as long as it has 8 GB+ of RAM? I just scored an i5 4th gen for 4,500, so I grabbed it.
    >
    > Yep, more than enough.

    Right, the net falls flat once it reaches 10k connections, tsk. Looks like I really need to get a static/public IP.

    Sir, additional question: why is it that on a fresh install, with just 1 torrent downloading, the whole network falls flat even before it has started downloading, whereas normal routers handle it just fine? What could the problem be?
  • > Sir, additional question: why is it that on a fresh install, with just 1 torrent downloading, the whole network falls flat even before it has started downloading, whereas normal routers handle it just fine? What could the problem be?

    What speed are you getting on torrents? That usually happens since torrents use all the possible bandwidth that your ISP can give.

    Limiting your download speed is probably your solution.

    Or my sample setup. At home: Captive Portal is enabled, then the MAC addresses of the machines that will use the internet are registered, and each one of them has a designated upload and download. Even the computer I use for torrenting has a bandwidth limit, so I organize the traffic like a traffic enforcer.

    Others have used port forwarding for torrents; I haven't tried it yet though. But give it a try.
  • > What speed are you getting on torrents? That usually happens since torrents use all the possible bandwidth that your ISP can give.
    >
    > Limiting your download speed is probably your solution.
    >
    > Or my sample setup. At home: Captive Portal is enabled, then the MAC addresses of the machines that will use the internet are registered, and each one of them has a designated upload and download. Even the computer I use for torrenting has a bandwidth limit, so I organize the traffic like a traffic enforcer.
    >
    > Others have used port forwarding for torrents; I haven't tried it yet though. But give it a try.

    At just 1 Mbps the whole network already falls flat; the network is 150 Mbps, and I can't trace what the problem is.
  • > Sir, additional question: why is it that on a fresh install, with just 1 torrent downloading, the whole network falls flat even before it has started downloading, whereas normal routers handle it just fine? What could the problem be?

    Weird, what NIC are you using? Try disabling hardware offloading and see if it fixes the problem.

    Usually if that happens what you will experience is an intermittent connection. You'll notice it in your internet browser if you reach the max concurrent connections set by your ISP (if under CGNAT): you get a lot of connection reset errors in your browser, which can be worked around if you keep refreshing your browser.
  • > Weird, what NIC are you using? Try disabling hardware offloading and see if it fixes the problem.
    >
    > Usually if that happens what you will experience is an intermittent connection. You'll notice it in your internet browser if you reach the max concurrent connections set by your ISP (if under CGNAT): you get a lot of connection reset errors in your browser, which can be worked around if you keep refreshing your browser.

    I already tried it, haha, damn, nothing, it really still falls flat, but I've confirmed that it's because of CGNAT; looks like I really need to upgrade, haha

    Thanks for the help :)
  • ^ Try using a VPN; AirVPN is a good option since it offers an easy port-forwarding option, and since you're running pfSense anyway, you can integrate that there.

    I'm confident that your ISP will only see like 1 UDP connection to the VPN service, and the VPN service, with one of their many exit servers, supports a million active connections just fine.

    At least this is much cheaper than availing of a static IP, which is 700 pesos a month at least, from what I know, with Globe and Converge and their static IP add-on.

    -- edited by polka on Dec 09 2020, 07:05 PM
  • > ^ Try using a VPN; AirVPN is a good option since it offers an easy port-forwarding option, and since you're running pfSense anyway, you can integrate that there.
    >
    > I'm confident that your ISP will only see like 1 UDP connection to the VPN service, and the VPN service, with one of their many exit servers, supports a million active connections just fine.
    >
    > At least this is much cheaper than availing of a static IP, which is 700 pesos a month at least, from what I know, with Globe and Converge and their static IP add-on.

    Yup sir, that's my last resort; the VPN has unlimited connections and absorbs all my connections. I just tried pfSense to see if it could handle it, but it turns out the ISP is the bottleneck. I'd also prefer a PH IP since my main PC is what I use for torrenting, but my Unraid build is ongoing so I can have 24/7 low-power torrenting; right now it's 24/7 too, but my main PC is getting abused. BTW, what I'm using is PureVPN.
  • ^Have you tried No-IP? or DDNS?